• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 896
  • Last Modified:

IPSec Issue with Windows Server 2003

HI,
I am getting the issue with IPsec, I configured the IPsec and It was working fine before reboot as I reboot the server it stooped working. It is very surprising to me that Services are running and policy is assigned, still it is not working. If I reconfigure the rule it starts working.

Can any one give me idea why it don't work after restarting the server.
0
tanujchandna
Asked:
tanujchandna
  • 5
  • 4
1 Solution
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
Did you configure your IPSec policies or used one of defined? If you created your own, check if there is the same settings for each policy you applied in

Policy properties -> General tab -> Setting button -> Authenticate and generate a new key after every: (check this value if it is not so low and is the same for each policy you have enabled)
0
 
tanujchandnaAuthor Commented:
Hi iSiek Thanks for Reply,
I am attaching my setting of Setting button, Can you please guide me what should I do.

polocy.JPG
0
 
tanujchandnaAuthor Commented:
HI, In Event Viewer getting following Error.
Event Type:      Failure Audit
Event Source:      Security
Event Category:      Policy Change
Event ID:      615
Date:            9/24/2010
Time:            6:17:14 AM
User:            NT AUTHORITY\NETWORK SERVICE
Computer:      TEMS
Description:
IPSec Services:       PAStore Engine failed to add quick mode filter "Block Inbound TCP 1029 Rule" with error code: The specified transport mode filter already exists.
.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
Krzysztof PytkoSenior Active Directory EngineerCommented:
No problem, you're welcome.
OK, it looks correctly. This is a default value. Do you have any entries in Event viewer?
How did you assign IPSec policies? Manually or via GPO ?
What does this policy do (answers for IPSec queries, request IPsec or require IPSec)?
0
 
tanujchandnaAuthor Commented:
I have assigned this policy through IPseccmd command, It blocks TCP 1029 inbound Port.
IPSeccmd.exe -w REG -p "Block TCP 1029 Filter" -r "Block Inbound TCP 1029 Rule" -f *=0:1029:TCP -n BLOCK -x

Error in Event Log :
Event Type:      Failure Audit
Event Source:      Security
Event Category:      Policy Change
Event ID:      615
Date:            9/24/2010
Time:            6:17:14 AM
User:            NT AUTHORITY\NETWORK SERVICE
Computer:      TEMS
Description:
IPSec Services:       PAStore Engine failed to add quick mode filter "Block Inbound TCP 1029 Rule" with error code: The specified transport mode filter already exists.
.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
Strange, I found something about this error in the Internet but I don't know if it's trusted solution. I've never found similar problem, sorry.

http://www.errordecoder.com/system-error-codes/11/code-13008.html

Maybe it is really connected to some system error like virus/spyware, drivers or registry. Could you check it, please? But be careful with those freeware tools.
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
It looks like a problem with IPSeccmd command. It multiplies filters. Can you check it in policy properties, please?
OPen policy and on filter list and action list tabs check if you have more than 1 "Block Inbound TCP 1029 Rule filter list". Clean it up :)
Probably registry has to much rules about the same port block :]
0
 
tanujchandnaAuthor Commented:
Thanks a Alot !!!!
Resolved the Issue.
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
you're welcome :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now